25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Steve Alder

Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

Oregon CO-OP Suffers Laptop Theft and Breach Notification Snafu

The Oregon CO-OP, a not-for-profit start-up health insurer, has reported the theft of a laptop containing unencrypted data. The laptop did not contain any health information, although names and addresses of current and former members were stored on the device along with Social Security numbers, health plan details, ID numbers, dates of birth, and the names of dependents. The “security incident” was immediately reported to law enforcement officers and the theft is now being investigated. The incident occurred on April 3, although the laptop computer has not yet been recovered. While the device did not have data encryption software installed, it was protected with a password. This, in itself, is not sufficient protection for data of this nature, as passwords can easily be cracked but it does decrease the likelihood of the data being accessed or used to commit fraud. The CO-OP has no reason to believe that this was the case, or that any members’ information was accessed by the perpetrators of the crime. Breach Notification Snafu Delays Letters All affected individuals are being sent...

Read More
Phishing Attack Causes Partners HealthCare System HIPAA Breach
May01

Phishing Attack Causes Partners HealthCare System HIPAA Breach

Partners Healthcare has announced that it has suffered a HIPAA breach after hackers used a phishing attack to gain access to some of its email accounts. While the company’s EHR system was not compromised, the email accounts did contain some PHI and approximately 3,300 patients are believed to have been affected. Partners Healthcare believes that PHI may not have actually been obtained by criminals as there was no evidence discovered that this was the case, although it is possible that Social Security numbers and some clinical information – including diagnoses, treatments and medical appointments – were accessible through the email account, as were patient names, dates of birth, contact telephone numbers, addresses, medical record numbers and health insurance details. According to the breach notification posted on the company’s website, the attack was discovered on November 25, 2014. A group of user’s accounts were compromised after they received and responded to phishing emails in the belief that they were legitimate. Hackers were subsequently able to gain access to the email...

Read More

Calculating the Cost of a HIPAA Data Breach

Calculating the cost of a HIPAA data breach is not a straightforward process, at least not until a number of years after a data breach has occurred. Actions must be taken following a breach, and the cost of notification and damage mitigation can spiral. Financial penalties are also being issued with increasing frequency to healthcare organizations fail to implement the appropriate privacy and security measures to protect patient healthcare data. HIPAA and Breaches of Protected Health Information The Health Insurance Portability and Accountability Act places a requirement on covered entities to employ the appropriate administrative, physical and technical safeguards to prevent the unauthorized disclosure of Protected Health Information (PHI). Patients must also be allowed access to their healthcare information on request, privacy must be respected and policies developed to de-identify data before it is used for research and marketing purposes. Business Associates – any vendor required to come into contact with PHI – must also be vetted to make sure they comply with HIPAA Rules. When...

Read More

LCO Health Center Investigates Potential HIPAA Violations

The Lac Courte Oreilles (LCO) Tribal Governing Board of the Ojibwe Indian Reservation has reported a HIPAA breach in which an undisclosed number of individuals have had their PHI exposed. The LOC reported “several pieces of Health Center information from 2010-2011” were compromised in the incident. An investigation was conducted by the LCO along with the tribal police force into a potential breach of the Health Insurance Portability and Accountability Act (HIPAA) after an employee of the LCO Health Center (LCOHC) took PHI from the health center, according to a notice published on the tribe’s website. Late last year, the Director of the LCOHC was made aware of a potential breach of HIPAA Rules after an employee had allegedly taken health center files home. The following investigation quickly established that the employee had taken the files in order to complete some work; however, those files were not returned to LCOHC “in a timely fashion.” The matter was brought to the attention of the Director of the LCOHC by the employee’s partner, who reported the incident after the couple...

Read More

Saint Agnes Health Care Hack Exposes 25,000 HIPAA Records

Saint Agnes Health Care, Inc. of Maryland has reported that hackers have gained access to an email account as a result of a phishing campaign. One email account was compromised in the attack; however, that user had privileges to access Protected Health Information (PHI) and the account contained the records of approximately 25,000 patients of the facility. Out of the 24,967 records exposed, only four contained Social Security numbers but a considerable amount of data was potentially obtained by the person responsible for the attack. The data included patient names, gender, dates of birth, medical record numbers and health insurance information, and a limited amount of clinical data. It is not clear from the notice when the incident occurred, although it was posted on the company website on April 27, 2015, and the incident was reported to the Office for Civil Rights on April 24, 2015. The email account that was compromised was immediately closed as soon as the intrusion was detected and the healthcare provider has been on high alert since. No further threat is believed to remain of...

Read More
x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist